Phishing reporting in organizations: What motivates employees to take action?
In Information and Computer Security, 2025
Burda, P.; Allodi, L.; Serebrenik, A.; Zannone, N.
Abstract
This study aims to investigate the factors influencing employees’ decisions to report suspicious phishing e-mails in organizations, addressing the gap in understanding what motivates users to report and which types of e-mails are most likely to be reported. In this study, the authors sample and interview n = 49 employees from the pool of phishing reporters at a European university. Interviewees are selected based on the sophistication of the e-mails they report, considering both contextual and technical dimensions. The authors cluster reporters according to their (emerging) reporting behavior and conduct semistructured interviews until thematic saturation is reached. Through thematic analysis, the authors identify 21 main themes that drive reporting. The results indicate that the primary drivers for reporting suspicious e-mails are the desire to protect and help the organization and coworkers. Additional factors include a sense of responsibility, awareness of potential consequences and feelings of insecurity. Participants are more likely to report phishing e-mails that appear well-impersonated and have believable pretexts, signaling user prowess in estimating the potential impact of phishing attacks. This research offers a novel perspective on the complex interplay between motivations to report, with a discussion in the broader theoretical context as well as of the practical implications of the findings.
URL: https://doi.org/10.1108/ICS-02-2025-0037